Paranoid Penguin - Security Features in Debian 3.1

Debian gives you every security feature you need and more, but using these tools can be a daunting task.

Virtual Machines in Debian

If you want a hypervisor-based virtual machine environment, such as Xen for
Debian, you need to obtain and compile source code, though that's not
too huge of a barrier. Debian has no Xen packages. Debian does include,
however, binary packages for two other general-purpose virtual machine
environments: user-mode Linux (UML) and Bochs. (It also includes Wine,
but this is more of a shim for running specific Windows applications
than a virtual machine per se.)

Of Debian's two officially supported virtual machines, user-mode
Linux is probably the most viable option for using virtual hosts to
segregate different application environments, for example, Apache on
one virtual machine and BIND9 on another. This is because of performance
limitations in Bochs: Bochs emulates every single x86 CPU instruction
and all PC devices. Bochs therefore would appear to be more suited to
single guest-system applications, such as running Windows applications
on your Linux desktop system. The Bochs Project home page (see Resources) includes
official documentation and links to mailing lists, discussion boards
and so forth. Debian's bochs-doc package
also contains Bochs documentation.

User-mode Linux doesn't support Windows guest systems, but it is
much faster than Bochs and has the added advantage of running all
guest systems' kernels as nonprivileged users (that is, not as root,
like the underlying “host” kernel). See Debian's user-mode-linux-doc
package for more information. If you run a Debian guest on
an underlying Debian host, you may need to install the user-mode-linux
package (on the guest) from Debian's unstable release—the stable
version is unavailable for some reason.

I must add a disclaimer at this point: I've never used UML myself,
being a VMware user of long standing (see my review of VMware Desktop
5.5 on page 56). Therefore, I can't tell you firsthand how
to use UML or even how well it works in Debian.

Enhanced Access Controls in Debian

Several packages in Debian GNU/Linux 3.1 enhance local access
controls. The trustees package lets you define multiple sets of
permissions on a single file/directory/device object by associating
a trustee object with it. For example, you can give members of the
users group read-only access to the file foo.txt, and give members of
the foomasters group write privileges to the same file.

A much more comprehensive set of controls is provided by SELinux,
the US National Security Agency's type-enforcement and role-based
access control system for the Linux kernel. SELinux makes it possible
to manage users, groups and system resources with a very high level of
granularity, even to the extent of making it possible to restrict root's
own privileges.

The trade-off is complexity. Creating and managing SELinux policies that
don't impair needed functionality can be involved. Luckily, besides its
standard selinux-utils package, Debian includes checkpolicy, an SELinux
policy compiler, and setools, a group of utilities for analyzing SELinux
policies and managing users.

If SELinux is more than you're willing to tackle, Debian provides several
other tools for delegating root's authority. sudo, of course, is the
classic in this category, but there's also osh, the Operator's Shell.

Limited-Feature SSH Packages in Debian

Another interesting category of tools that are well represented in Debian
are limited-feature Secure Shell (SSH) tools. SSH, of course,
is an encrypted, strongly authenticated means of running remote shells,
executing remote commands and even for tunneling other TCP-based network
applications including the X Window System. But what if you want
to offer users only a subset of SSH functionality—for example, encrypted file
transfers, without giving them shell access?

Two Debian packages that address this problem are rssh, which allows
users to use scp, rdist, rsync, cvs or sftp over SSH without actual shell
access, and scponly, which allows scp without allowing remote shells.

Filesystem Encryption in Debian

The last category of security tools I highlight here is filesystem
encryption. These are different from more general-purpose encryption
tools, such as gnupg and bcrypt, which are used to encrypt individual
files. Filesystem encryption tools let you encrypt entire volumes
(directory structures), for example, on USB drives and other removable
media.

Three Debian packages that provide filesystem encryption are cryptsetup,
which manages loopback-device encryption via the Linux 2.6 kernel's
dm-crypt functionality; encfs, which doesn't require use of loopback
devices; and lufs-cryptofs, an encryption module for the Linux Userland
Filesystem (lufs). Of the three, cryptsetup offers the best performance,
because it operates at the kernel level. The user-space filesystems,
encfs and lufs, work at a higher layer of abstraction than the
kernel—that is, they're less efficient. They're also, however, more useful for
networked filesystems.

Trending Topics

Upcoming Webinar

Getting Started with DevOps - Including New Data on IT Performance from Puppet Labs 2015 State of DevOps Report

August 27, 2015
12:00 PM CDT

DevOps represents a profound change from the way most IT departments have traditionally worked: from siloed teams and high-anxiety releases to everyone collaborating on uneventful and more frequent releases of higher-quality code. It doesn't matter how large or small an organization is, or even whether it's historically slow moving or risk averse — there are ways to adopt DevOps sanely, and get measurable results in just weeks.